Closed madser123 closed 2 months ago
Hi @madser123
Thanks for your detailed report. I have been able to reproduce your issue.
There's a mix of issues in your values.yaml and yaml limitations. You have declared app.tls.autogenerate
as false. That requires app.tls.existingSecret
to be defined to point to some secret in your k8s cluster. Maybe we can make the chart fail and notify the user about the requirement.
Then the chart has a bug that is not quoting correctly the defined pasboltEnv.plain.DATASOURCES_DEFAULT_HOST
and passboltEnv.plain.DATASOURCES_DEFAULT_PORT
. This one I have found a workaround for it defining them as follows:
passboltEnv:
plain:
DATASOURCES_DEFAULT_HOST: |
"myhost"
DATASOURCES_DEFAULT_PORT: |
"myport"
In any case we'll release a hotfix for the quoting on numeric env vars.
@dlen Thank you for the quick response. It would be nice with the hotfix in the future, but the workaround is just fine for now :smile:
Out of curiosity, and because i don't quite understand the TLS setup in Passbolt, why is the TLS required through either a Secret or as autogenerated?
We have HTTPS handles by our Load Balancer in AWS, and therefore wanted to use Passbolt as HTTP only, that's why we initally omitted the TLS part.
No problem!
Yeah passbolt listens by default on port 443 and port 80 even if you don't want to use SSL between your ingress and passbolt because you trust your internal network.
There's some room for improvement in that area for people that just want SSL offloading, you are right. However, we don't really think you should have unencrypted connections to passbolt at all. Consider it a "procrastination for better security practices" :laughing:
It seems like the workaround actually doesn't quite work. I'm getting this error after deployment.
<p class="error">
The DSN string 'postgres://passbolt:password@passbolt-db.hiper.dk:"5432"/passbolt?schema=passbolt' could not be parsed.
</p>
I believe that the quotes aren't working around the port, unfortunately...
Yeah I think is just my workaround that is not good enough. I'll prepare a hotfix for today.
Sounds great. Thank you!
Release 1.1.1 has been published with a fix. It should work now, in any case feel free to reopen or create a new issue if there's any other scenario that requires attention.
Thanks for your report!
After hours of debugging i can't find the error for this. Other than it might originate from the Deployment.yaml file in the repo, and not from my values.yaml...
I can see that a new release has been made recently, which is the only reason (And the fact that i have checked everything i know of on my end) that i suspect the error originates in the Chart, and not in my values.
Here is my (anonymized) values.yaml file:
Output from
helm install hiper-passbolt passbolt-repo/passbolt -f ./values.old.yml --debug
I hope someone can help :)